GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,754 advisories
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is...
Moderate | Unreviewed | CVE-2026-0649 was published Jan 7, 2026

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Moderate | CVE-2026-21859 was published for github.com/axllent/mailpit (Go) | Jan 6, 2026

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery...
Moderate | Unreviewed | CVE-2025-14438 was published Jan 6, 2026

Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High | CVE-2025-61916 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) | Jan 5, 2026

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
Moderate | CVE-2025-67427 was published for @evershop/evershop (npm) | Jan 5, 2026

Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation
Moderate | CVE-2025-68437 was published for craftcms/cms (Composer) | Jan 5, 2026

A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function...
Moderate | Unreviewed | CVE-2025-15414 was published Jan 2, 2026

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-14627 was published Jan 1, 2026

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper...
Moderate | Unreviewed | CVE-2025-62088 was published Dec 31, 2025

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request...
Moderate | Unreviewed | CVE-2025-59138 was published Dec 31, 2025

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function...
Moderate | Unreviewed | CVE-2025-15373 was published Dec 31, 2025

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the...
Moderate | Unreviewed | CVE-2025-15264 was published Dec 30, 2025

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side...
Moderate | Unreviewed | CVE-2025-69014 was published Dec 30, 2025

hemmelig allows SSRF Filter bypass via Secret Request functionality
Moderate | CVE-2025-69206 was published for hemmelig (npm) | Dec 29, 2025

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server...
Critical | Unreviewed | CVE-2024-25181 was published Dec 29, 2025

Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows...
Moderate | Unreviewed | CVE-2025-68893 was published Dec 29, 2025

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function...
Moderate | Unreviewed | CVE-2025-15098 was published Dec 26, 2025

Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management...
Moderate | Unreviewed | CVE-2019-25251 was published Dec 24, 2025

Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library...
Critical | Unreviewed | CVE-2025-68600 was published Dec 24, 2025

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor...
Critical | Unreviewed | CVE-2025-68500 was published Dec 24, 2025

Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals...
Critical | Unreviewed | CVE-2025-67623 was published Dec 24, 2025

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
High | CVE-2025-68696 was published for httparty (RubyGems) | Dec 23, 2025

Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
Moderate | CVE-2025-67743 was published for local-deep-research (pip) | Dec 23, 2025

Hasura GraphQL 1.3.3 contains a server-side request forgery vulnerability that allows attackers...
Moderate | Unreviewed | CVE-2021-47715 was published Dec 23, 2025

Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Moderate | CVE-2025-34469 was published for cowrie (pip) | Dec 20, 2025
ProTip! Advisories are also available from the GraphQL API.